Tag Archives: hacked

Bitcoinica, a Bitcoin exchange started by a 17-year old teenager Zhou Tong, has been shut down for security investigations. Posting on BitCoin Talk forums, Zhou posted a message stating the exchange has been taken down for security investigations after noticing a suspicious transaction in which 18547.66 bitcoins(worth about $91,000) were transferred from the exchange.

Zhou maintains that apart from the Bitcoins, the database was also stolen but the passwords were salted and encrypted using bcrypt. Zhou mentions that the stolen bitcoins are likely to be reimbursed by Bitcoinica in USD. This isn’t the first time Bitcoinica’s been broken into; few months ago Bitcoinica’s bitcoin wallet which stored the funds were stolen due to a breach in Bitcoinica’s then webhost — Linode. Bitcoinica has been criticized for not making use of offline transactions which would’ve prevented both the break-ins.

Remember that nasty incident earlier this month where the online Microsoft storefront in India — whose operation, by the way, was outsourced to a local Indian company called Quasar Media — had their users’ passwords stored in plain text in the database? At the time, it was thought that no serious financial information was compromised.

In a previous email on Feb. 12, 2012, we notified you there may have been unauthorized access to some of your customer account information on the Microsoft Store India site (http://www.microsoftstore.co.in) operated by a third party. We suggested you reset your password, among other security precautions, and to contact us with further questions.

Further detailed investigation and review of data provided by the website operator revealed that financial information may have been exposed for some Microsoft Store India customers. So, as an additional precaution, if you used a credit card on the Microsoft Store India website, we recommend the following actions:

Contact your credit card provider and alert them to potential unauthorized access to your account information.
Closely monitor and review your credit card account for abnormal activity, and if seen, immediately contact your credit card provider.
Microsoft is committed to protecting customer privacy and takes this situation very seriously. We understand that you may have additional questions, so we have set up a team of specialists to address any of your concerns. Please call them between 9 a.m. and 9 p.m. at 1-800-102-1100.

Thank you,
Chakrapani Gollapali
General Manager, Microsoft India

Scary. Medianama is guessing that that perhaps Microsoft has learned that the hackers somehow breached the payment gateway itself, or that the site was also storing credit card payment credentials in plain text as well.

This is unfortunately a PR nightmare for Microsoft; having to retract a statement assuring customers that their financial data is safe reflects, well, horribly on them. But it’s worth noting that, while Microsoft is partly to blame here, we really need to aim the pitchforks and the riots at Quasar Media, the company that owned, operated, and managed the storefront. If you’re a client of theirs — low or high profile (which Quasar sadly has plenty of) — I strongly urge you to reconsider, lest you have a similar breach. No company that’s incompetent enough to store passwords in plain text deserves any business whatsoever, and we can only hope that Quasar suffers as a result.

Microsoft’s online storefront in India has been hacked and subsequently defaced by a Chinese hacking group that goes by the alias of EvilShadow. As of 12PM EST, visiting the website will display the message as screenshotted above. Links to the hackers’ blog have also been included, in which a post claiming responsibility for the attack can be found. With a little assistance of Google Translate, here’s what the post said:

Shut down the organization’s internal group (119,883,641) added directly to the channel, and security enthusiasts who are interested can send the original articles, animations, tools to the mailbox <snipped> audit the ok, was open to join.

On the “black page” — subtly labeled Evil.html — the infamous Anonymous mask can be found. Below the image is the text, “Evil Shadow Team..Unsafe system will be baptized …” along with another link to their blog.

The motives behind this hack are currently unclear, but it’s likely that it was performed as a playful challenge, and not for social or political reasons.

UPDATE: This attack is far more severe than initially imagined. As reported by HackTeach (oddly enough, it seems that images may not show in Google Chrome), the hackers managed to gain access to the database, where Microsoft carelessly stored password data in plain text.

If you had an account on microsoftstore.co.in, we urge you to change your password (or passwords, if you used the same password here on other services), as it has been compromised.

UPDATE 2: As noted by The Verge, the site is now back in the hands of Quasar Media Pvt. Ltd. (which, as the Microsoft Store India ToS points out, is the company that Microsoft outsourced the operations of this store to.) As of 2AM EST, they are working to bring the site back up. Let’s hope that they are adding proper password hashing/SALTing this time.

Symantec has now retracted its previous statement that the security breach which led to the leak of source codes of their older security products happened at a third part server, reports Reuters.

In a statement made to Reuters, spokesperson of Symantec, Cris Paden confirmed that the data breach occurred at the networks of Symantec in 2006.

“We really had to dig way back to find out that this was actually part of a source code theft. We are still investigating exactly how it was stolen”, he said.

Previously, it was assumed that the breach had occurred at a server of Indian Government. He also revealed that source code of Norton Antivirus Corporate Edition, Norton Internet Security, Norton Utilities, Norton GoBack and pcAnywhere were also obtained by the hackers. Symantec in their earlier statement had said that the source code of Symantec Endpoint Protection 11.0 and Symantec Antivirus 10.2 were the ones that leaked.

A few days ago, ‘Yama Tough’ who is acting as the spokesman of the hacking group Lords of Dharmaraja (who took the responsibility of breaching) tweeted that they will be releasing the code of pcAnywhere to the black hat community so that they can exploit its users using zero day vulnerabilities. They had also threatened of releasing the source code of Norton to the public, but backed out at the last moment tweeting,

We’ve decided not to release code to the public until we get full of it =) 1st we’ll own evrthn we can by 0din’ the sym code & pour mayhem

Symantec is currently in the process of reaching out to our pcAnywhere customers to make them aware of the situation and to provide remediation steps to maintain the protection of their devices and information.

Symantec is still reiterating that the code leaked is old and there isn’t a huge risk for its customers provided that they are using the latest versions. But as long as they didn’t write the source codes of their latest products from scratch, there are chances that at least part of the leaked source code is still used. The leak however will be a great advantage for competing security product vendors to understand the working of the Symantec products and use it to improve their own products.

Zappos, an online retailer run by Amazon has suffered a security breach and has confirmed that its customer information was accessed.

In an email sent to its customers, CEO of Zappos, Tony Hsieh said,

We are writing to let you know that there may have been illegal and unauthorized access to some of your customer account information on Zappos.com, including one or more of the following: your name, e-mail address, billing and shipping addresses, phone number, the last four digits of your credit card number (the standard information you find on receipts), and/or your cryptographically scrambled password (but not your actual password).

Fortunately for its users, Tony has confirmed that the database containing the credit card information and shipping addresses was not breached. A similar kind of breach had occurred at CoveritLive, a few days ago. Like the breach at Zappos, while the hackers could access the username and/or password of CoveritLive users, luckily, they failed to get their hands on the financial data.

As a result of the breach, Zoppos has temporarily blocked international users and has cancelled telephone support. They are urging its users to contact them by email, in case they have any questions.

Zappos is now enforcing a password reset for all of its users. They are also working along with the law enforcement agencies on the investigation of the hacking incident. So if you have an account on Zappos, it is recommended that you change the password as soon as possible. Also, if you have the same password associated with any other online accounts, it would be wise to change that as well.

Huffington Post’s 1.5 million twitter followers were baffled for a minute to see a bunch of racist and homophobic tweets being posted today afternoon, until they realized that the publication’s account was compromised.

Apparently, the hacking was done by a person who calls himself ‘cloverfdch’. The offensive tweets have been taken down and things are back to normal now. Officials at Huffington Post haven’t yet reacted on the hacking incident.

UPDATE: Huffington Post has now posted a tweet acknowledging the hacking.

Coincidentally, the twitter and foursquare accounts of the actor Ashton Kutcher was also hacked at around the same time. His account has also been restored now. In Ashton’s case, it appears that the hacker accidentally revealed his own location by using his Foursquare account. Ashton has even posted a picture of the foursquare map with the hacker’s location on twitter.

It is not immediately clear whether their accounts were hacked by the same person.

Today morning, I woke up to see the following email from Cover It Live.

CoveritLive recently discovered that certain proprietary data files were accessed without authorization starting on or about January 7, 2012. We have not yet determined if, or to what extent, CoveritLive account information (i.e., user names, email addresses and/or passwords) was accessed. We do know, however, that no financial account information has been compromised.

…

We take this matter very seriously and will continue to work to ensure that all appropriate measures are taken to protect your personal information from unauthorized access. We also would like to take this moment to remind you of a couple of tips that should always be followed:

· Do not open emails from senders you do not know. Be especially cautious of “phishing” emails, where the sender tries to trick the recipient into disclosing confidential or personal information.

· Do not share personal or sensitive information via email. Legitimate companies will not attempt to collect personal information outside of a secure website.

We regret any inconvenience that this password change process may cause you. Please do not hesitate to contact us at [email protected] if you have any questions.

Sincerely,

CoveritLive Team

CoveritLive, as you might know, is a tool used primarily for live blogging. Many popular websites and blogs such as ESPN, USA Today and ZDNet use CoveritLive for live blogging.

According to the email sent to its customers, CoveritLive user’s passwords are encrypted and there is no evidence yet that they have been retrieved. The email also states that no financial data has been stolen, which is a major relief for its customers.

As of now, we don’t know exactly what kind of data was stolen. The company has started an investigation and hopefully more details will be released soon.

In the meantime, if you have a CoveritLive account, I strongly suggest that you change the password immediately. In fact, from today (January 14) onwards, CoveritLive will be enforcing a password reset for all of its users. So when you login to CoveritLive next time, you’ll be asked to change the password.

If you have been using the same password for any other accounts, it is a good idea to change that as well.

Katy Perry can breathe a little easier now. It turns out she wasn’t the steamiest thing to hit Sesame Street after all. According to ABC affiliate, KGO, YouTube took down the children’s entertainment channel for “repeated or severe violations of our Community Guidelines”. The violation you ask? Porn!

Before you fall out of your chair, know that Sesame Street’s channel was hacked. The hackers uploaded several porn movies to the site. According to an article by Naked Security (no pun intended) author, Graham Cluley, the porn was available for the world to see for about 20 minutes before being taken down. At this time, YouTube and Sesame Street are staying silent about it.

Not only did the hacker’s upload porn, they also managed to change the profile page for the channel. Here is an excerpt, which was caught by Naked Security’s blog:

WHO DOESN’T LOVE PORN KIDS? RIGHT! EVERYONE LOVES IT! IM MREDXWX AND MY PARTNER MRSUICIDER91 ARE HERE TO BRING YOU MANY NICE CONTENT! PLEASE DON’T LET SESAME STREET TO GET THIS ACCOUNT BACK KIDS :( PLEASE…LET ME AND MRSUICIDER91 HAVE IT AND WE GONNA MAKE ALL THE AMERICA HAPPY!

The YouTube profile MrEdxwx, mentioned in the quote is a legitimate channel, but they are adamantly denying having any role in this hack. It appears they are a gaming channel. According to their profile they state, “Please understand i did not hack sesame street , i RESPECT youtube community guidelines !” They also posted a plea in the form of a video, which you can view below.

It has barely been a year since Sesame Street pulled a duet between Katy Perry and Elmo from their show. Her outfit is pictured at the top of the article. You can see why some parents were a little concerned about the amount of cleavage their 6 year olds were going to be exposed to. Compared to today’s events, Katy Perry pales in comparison.

I remember back when Miss Piggy and Kermit were the only “steamy” romance on the block. It is a real shame that people have nothing better to do with their time than try to expose millions of children to pornography. I have to wonder if this has anything to do with Reddit’s recent decision to ban /r/jailbait, which was a very controversial child porn site, being shut down recently. Who knows? What I do know is that if these folks have the knowledge to hack a site like this, they ought to have the knowledge to do something constructive for society at large. Instead, they spend their time victimizing the most innocent of us all, our children.

In a continuing pattern of attacks on high profile targets, Electronic Arts has suffered a breach of security. The attack, which occurred on June 14, effected the message board system for one of the companies older titles.

According to EA, the server hosting the message board for Neverwinter Nights, a 10-year old game by BioWare, suffered a “highly sophisticates and unlawful” attack. In a post dates June 23, EA reports that, while no sensitive personal information like credit card or social security numbers were taken, a large amount of user’s personal data is at risk. This data included user names, encrypted passwords, e-mail addresses, mailing addresses, and phone numbers.

While the full extent of the hack is unknown, EA is assuring its users that they have re-secured the server and are working hard to inform anyone they believe to be affected by the attack. The company wrote in its forum post that it is e-mailing “all potentially affected users.”

If you are an active user of the Neverwinter Nights forum and do not receive an email from EA, then you may be one of the lucky ones who were unaffected. That doesn’t mean you can relax, however. It is important to remember that security measures are important.

With the recent surge in attacks on popular websites, we should all remember to practice good security practices. That includs being wary of who we give sensitive information to, as well as changing our passwords frequently.

As of this writing, no group has stepped up to claim responsibility for the hack. EA is continuing to investigate in hopes of discovering the full extent as well as the identity of the individual or group responsible.

I think Sony did not have a team of computer security consultants, simply. They produce Internal Sites like hotcakes. The databases are not protected. No encryption. They have much, but then a lot of servers, websites, which means there will always be flawed. Nothing is 100% secure.

Few days back, Sony Pictures was hacked by LulzSec, gaining access to the information in over 1 million user accounts. Sony has contacted the U.S. Federal Bureau of Investigation and are working together to track down the hackers.

Sony Europe’s website is now currently down for “scheduled maintenance”.